Today is a big day for surveillance law junkies, as the Office of the Director of National Intelligence gave us a giant document dump of newly declassified documents. The documents have to do with Foreign Intelligence Surveillance Act’s Section 702 which deals with online data collection. In my opinion the most interesting document is the 2013 compliance assessment of NSA, FBI and CIA’s minimization procedures. The document is rather hefty, but it presents an interesting picture of how a spy agency goes about implementing internal compliance measures.
Let me make some disclaimers before I begin the rest of the post so that there’s no confusion:
- I do not approve of any attempts by any agency to lie or otherwise misstate their capabilities.
- I find the reliance on administrative oversight rather than an external oversight agency to be disturbing.
- I do not approve of retaining information that by statute is required to be destroyed.
With all that said, I find the document provides additional perspective that recent FOIA disclosures of Foreign Intelligence Surveillance Court (FISC) opinions had started to illuminate. Namely, does the collection of domestic data and NSA’s opaque answers to the subject indicate willful malice or petty bureaucratic politics?
Based on the documents we currently have available much of the problematic aspects of the NSA’s section 702 programs seems to come from a muddled effort by various organizations to create an ad hoc oversight/compliance system rather than an attempt to impose some draconian surveillance state intent on reading all your emails. The behavior of the NSA toward the FISC particularly with various disclosures of exceeding their authorized capabilities read more as sheepish admissions that they don’t have the capability to sift as cleanly through foreign and domestic signals intelligence than a way of telling the FISC that it’s toothless.
The compliance document, the Inspector General’s report on technical malfeasance, and the FISC decision give us the picture of a bureaucratic institution that’s still figuring out the extent of its own capabilities and how to deal with new oversight procedures put in place by the Administration since 2009. The picture is pretty scary not so much in that it shows a vast, Orwellian surveillance agency gauging all your thoughts, but an institution that has a lot more capabilities than it knows what to do with, stumbling around to figure out the best way to provide adequate oversight.
The end result I think is that there’s probably a need for an institution that does more audits of agencies for oversight of this sort in addition to the DOJ. Perhaps a congressional agency along the lines of the CRS. But yes as they say, never ascribe to malice what can be explained by simple bureaucracy.
I agree with the final comment The other modification to the comment is never ascribe to malice that which can be explained by simple incompetence. The Snowden incident suggests incompetence in deciding who gets system admin privileges. (Likely getting the job done trumps doing things in a secure way) Many of the scandals of this time really are about incompetence.Report
I don’t get it.
The FISA court found that the NSA violated the terms of search parameters THREE times over the course of two years or so. And they still skated with a slap on the wrist. Let me repeat that. A US gov’t agency violated the law three times and walked with no significant repurcussions. This tells me the entire process needs to be reviewed and rewritten. I want people fired and prosecuted. Maybe then we’ll get compliance.Report